
Hi, I have a small problem: I'm getting loads of antivirus ads and other pop-ups spamming my PC. I'd need your help, thanks in advance.
--> Message edited by lulubel on 24/04/2008 11:40:54 <--
Security Team
Hi
Download HijackThis (Merijn).
* Close all windows and run it.
* Click on "Do a system Scan Only and Save a Logfile".
* A report appears on the screen.
* Copy/paste the whole report here.
Thanks for your help, here is the report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:43:59, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\ludehwpc\lurstgvi.exe
C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\nmbwhkjk.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [4ca4c071] rundll32.exe "C:\WINDOWS\system32\gryljpeb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [jgdcmxnh] C:\WINDOWS\system32\nmbwhkjk.exe
O4 - HKLM\..\Policies\Explorer\Run: [aeAzUwh6KI] C:\Documents and Settings\All Users\Application Data\ludehwpc\lurstgvi.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Envoyer l'image vers la bibliothèque - file://C:\Documents and Settings\bruno BLIN\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/play(...)
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9100 bytes
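As an added example (not part of this thread, and not code from HijackThis, Navilog or ComboFix), here is a small Python triage script that reads the O4 autostart lines of the report above the way a helper does by eye. The signals it scores are assumptions constructed for this example: an autostart registered under Policies\Explorer\Run, a payload living in a profile data or temp folder, and value names or file names that look machine-generated (hex blobs, digit and mixed-case soup, or eight-plus letters with almost no vowels). The sample lines are copied from the report; the functions `assess_o4`, `triage`, `looks_random` and `command_parts` are names chosen here, not tool APIs.

```python
import re
from dataclasses import dataclass

# Constructed sample: O4 (autostart) lines copied from the first HijackThis report in this
# thread, trimmed to a representative mix of benign and suspicious entries.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch",
    r'O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay',
    r"O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd",
    r'O4 - HKLM\..\Run: [4ca4c071] rundll32.exe "C:\WINDOWS\system32\gryljpeb.dll",b',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r'O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background',
    r"O4 - HKCU\..\Run: [jgdcmxnh] C:\WINDOWS\system32\nmbwhkjk.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: [aeAzUwh6KI] C:\Documents and Settings\All Users\Application Data\ludehwpc\lurstgvi.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')",
    r"O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe",
]

# Registry-based O4 lines look like: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXT_RE = re.compile(r".+?\.(?:exe|dll|cpl|com|bat|scr)(?=[\s,]|$)", re.IGNORECASE)
DATA_DIR_RE = re.compile(r"\\(Application Data|Local Settings|Temp)\\", re.IGNORECASE)
VOWELS = set("aeiouAEIOU")

def looks_random(token: str) -> bool:
    """Constructed heuristic for machine-generated names: a bare hex blob, digits mixed with
    upper- and lower-case letters, or eight-plus letters with almost no vowels."""
    if re.fullmatch(r"[0-9a-f]{8,}", token):
        return True
    if (len(token) >= 8 and " " not in token and re.search(r"\d", token)
            and re.search(r"[a-z]", token) and re.search(r"[A-Z]", token)):
        return True
    if len(token) >= 8 and token.isascii() and token.isalpha():
        return sum(c in VOWELS for c in token) / len(token) <= 0.2
    return False

def command_parts(cmd: str) -> list:
    """Split an O4 command line into [program, arg, ...]. Handles the quirks seen in the report:
    unquoted paths containing spaces, quoted paths, and rundll32's '<dll>,<entry point>' syntax."""
    parts, rest = [], cmd.strip()
    while rest:
        if rest.startswith('"'):                        # quoted path
            end = rest.find('"', 1)
            end = len(rest) if end < 0 else end
            parts.append(rest[1:end])
            rest = rest[end + 1:]
        elif re.match(r"[A-Za-z]:\\", rest):             # bare drive path: read up to the extension
            m = EXT_RE.match(rest)
            parts.append(m.group(0) if m else rest)
            rest = rest[m.end():] if m else ""
        else:                                           # plain token: program name, switch, entry point
            m = re.match(r"[^\s,]+", rest)
            parts.append(m.group(0))
            rest = rest[m.end():]
        rest = rest.lstrip(" \t,")
    return parts

@dataclass
class Finding:
    name: str       # registry value name, e.g. "4ca4c071"
    key: str        # Run key the entry sits under
    payload: str    # file that actually executes (the DLL for rundll32 entries)
    reasons: list   # independent signals that fired; len(reasons) is the score

def assess_o4(line: str):
    """Score one registry-based O4 line; returns None for other shapes (Startup-folder entries)."""
    m = O4_RE.match(line)
    if not m:
        return None
    parts = command_parts(m.group("cmd")) or [""]
    prog = parts[0].rsplit("\\", 1)[-1].lower()
    via_rundll32 = prog in ("rundll32", "rundll32.exe") and len(parts) > 1
    payload = parts[1] if via_rundll32 else parts[0]
    stem = payload.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    reasons = []
    if "policies" in m.group("key").lower():
        reasons.append("autostart registered under Policies\\Explorer\\Run")
    if DATA_DIR_RE.search(payload):
        reasons.append("payload lives in a profile data or temp directory")
    if looks_random(m.group("name")):
        reasons.append("value name looks machine-generated")
    if looks_random(stem):
        what = "DLL loaded through rundll32" if via_rundll32 else "payload file name"
        reasons.append(what + " looks machine-generated")
    return Finding(m.group("name"), m.group("key"), payload, reasons)

def triage(lines, threshold: int = 2) -> list:
    """Keep entries that accumulate at least `threshold` independent signals, in report order."""
    findings = (assess_o4(line) for line in lines)
    return [f for f in findings if f is not None and len(f.reasons) >= threshold]

if __name__ == "__main__":
    for f in triage(SAMPLE_O4_LINES):
        print(f"[{f.name}] {f.payload}  ({f.key})")
        for reason in f.reasons:
            print("   -", reason)
```

Run on the sample, it reports three entries, and all three show up again in the ComboFix output further down the thread: gryljpeb.dll among the deletions, and nmbwhkjk.exe plus the ludehwpc folder among the files created on 2008-04-18. The threshold is the important design choice: wcmdmgrl.exe trips the vowel heuristic on its own, so a single weak signal should prompt a lookup of the publisher and path, not a removal.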
Security Team
Hi again
Download Navilog1 (Il Mafioso).
Double-click navilog1.exe to start the installation. Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)
Follow the prompts. At the main menu, choose 1 and confirm.
/!\ Do not use options 2, 3 and 4 without our go-ahead /!\
Wait until this message appears: *** Analyse Termine le ..... ***
Press a key as requested; a report will open. Save it to the desktop and post it on the forum.
Search Navipromo version 3.5.4 commencé le 20/04/2008 à 14:01:01,32
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "bruno BLIN"
Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
C:\WINDOWS\mslagent trouvé !
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\bruno BLIN\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\bruno BLIN\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\bruno BLIN\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\bruno BLIN\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1.BRU\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1.000\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1.001\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\bruno BLIN\locals~1\applic~1" :
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
* Dans "C:\DOCUME~1\ADMINI~1.BRU\locals~1\applic~1" :
* Dans "C:\DOCUME~1\ADMINI~1.000\locals~1\applic~1" :
* Dans "C:\DOCUME~1\ADMINI~1.001\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
C:\WINDOWS\system32\uCdLknnn.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 20/04/2008 à 14:11:44,79 ***
Security Team
Double-click the Navilog1 shortcut.
At the main menu, choose option 2 and confirm.
The fix tells you it is going to restart the PC.
Press a key as requested.
When your PC restarts, choose your usual session.
Wait until this message appears: *** Nettoyage Termine le ..... ***
Notepad will open. Save the report to your desktop.
Close Notepad and your desktop will reappear.
Start > Control Panel > Internet Options
Click the "Content" tab, then the "Certificates" tab, and if you find any of these, especially under Trusted Publishers:
"electronic-group ; egroup ; Montorgueil ; VIP ; Sunny Day Design Ltd ; oooFavorite ; Favorite"
: delete them all!
Then post the report on the forum.
+ a new HijackThis report.
Clean Navipromo version 3.5.4 commencé le 20/04/2008 à 14:59:55,31
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "bruno BLIN"
Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\WINDOWS\System32" *
* Suppression dans "C:\Documents and Settings\bruno BLIN\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\ADMINI~1.BRU\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\ADMINI~1.000\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\ADMINI~1.001\locals~1\applic~1" *
*** Suppression dossiers dans "C:\WINDOWS" ***
C:\WINDOWS\mslagent ...suppression...
C:\WINDOWS\mslagent supprimé !
*** Suppression dossiers dans "C:\Program Files" ***
*** Suppression dossiers dans "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\bruno BLIN\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\bruno BLIN\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\bruno BLIN\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1" ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\bruno BLIN\locals~1\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\WINDOWS\system32" *
* Dans "C:\Documents and Settings\bruno BLIN\locals~1\applic~1" *
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
* Dans "C:\DOCUME~1\ADMINI~1.BRU\locals~1\applic~1" *
* Dans "C:\DOCUME~1\ADMINI~1.000\locals~1\applic~1" *
* Dans "C:\DOCUME~1\ADMINI~1.001\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !
*** Nettoyage terminé le 20/04/2008 à 15:03:41,71 ***
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:11, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Documents and Settings\All Users\Application Data\ludehwpc\lurstgvi.exe
C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\nmbwhkjk.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [4ca4c071] rundll32.exe "C:\WINDOWS\system32\gryljpeb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [jgdcmxnh] C:\WINDOWS\system32\nmbwhkjk.exe
O4 - HKLM\..\Policies\Explorer\Run: [aeAzUwh6KI] C:\Documents and Settings\All Users\Application Data\ludehwpc\lurstgvi.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Envoyer l'image vers la bibliothèque - file://C:\Documents and Settings\bruno BLIN\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/play(...)
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8931 bytes
There you go. However, I didn't find any of the certificates on your list.
--> Message edited by lulubel on 20/04/2008 15:12:14 <--
Security Team
Hi again
/!\ Disable your resident protections for the duration of the procedure /!\
Download ComboFix (sUBs) to your desktop.
Restart in safe mode.
Double-click combofix.exe.
Press Y (Yes) to start the scan.
When the scan is finished, save the report and restart in normal mode.
Copy/paste the report, located at C:\Combofix.txt, on the forum.
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.615 [GMT 2:00]
Endroit: C:\Documents and Settings\bruno BLIN\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\bruno BLIN\Application Data\urlredir.cfg
C:\Documents and Settings\bruno BLIN\Bureaublackbird.jpg
C:\Documents and Settings\bruno BLIN\BureauEditorFKWP1.5.exe
C:\Documents and Settings\bruno BLIN\BureauEditorFKWP2.0.exe
C:\Documents and Settings\bruno BLIN\Bureaufilemanagerclient.exe
C:\Documents and Settings\bruno BLIN\Bureaufkwp1.5.exe
C:\Documents and Settings\bruno BLIN\Bureaufkwp2.0.exe
C:\Documents and Settings\bruno BLIN\Bureaufwebd.exe
C:\Documents and Settings\bruno BLIN\BureauFWebdEditor.exe
C:\Documents and Settings\bruno BLIN\BureauTrojan.Win32.BlackBird.exe
C:\Documents and Settings\bruno BLIN\Bureauvirii
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\eqbranch
C:\Program Files\eqbranch\sf.txt
C:\Program Files\fcadvice
C:\Program Files\fcadvice\patterns.dat
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\Program Files\PC-Cleaner
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\cookies.ini
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\keyboard101.dat
C:\WINDOWS\mssecu.exe
C:\WINDOWS\newname.dat
C:\WINDOWS\system32\bepjlyrg.ini
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\DcadsSocial-uninstall.exe
C:\WINDOWS\system32\gryljpeb.dll
C:\WINDOWS\system32\nnnkLdCu.dll
C:\WINDOWS\system32\nsz32.dll
C:\WINDOWS\system32\uCdLknnn.ini
C:\WINDOWS\system32\uCdLknnn.ini2
C:\WINDOWS\system32\vtUmLdbC.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))))))))
.
2008-04-20 16:04 . 2008-04-20 16:04 102,400 --a------ C:\WINDOWS\system32\xghgbine.exe
2008-04-20 13:43 . 2008-04-20 13:43 <REP> d-------- C:\Program Files\Trend Micro
2008-04-20 12:49 . 2008-04-20 15:03 <REP> d-------- C:\Program Files\Navilog1
2008-04-19 13:56 . 2008-04-19 13:56 <REP> d-------- C:\Program Files\StoneTrip
2008-04-19 13:56 . 2008-04-19 13:56 <REP> d-------- C:\Documents and Settings\bruno BLIN\Application Data\StoneTrip
2008-04-18 22:47 . 2008-04-19 22:48 1,541,313 ---hs---- C:\WINDOWS\system32\srnpduiv.ini
2008-04-18 10:28 . 2008-04-16 10:07 290,816 --a------ C:\WINDOWS\pmsoarbf.dll
2008-04-18 10:28 . 2008-04-16 10:07 98,304 --a------ C:\WINDOWS\npqtsrak.exe
2008-04-18 10:27 . 2008-04-18 10:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ludehwpc
2008-04-18 10:27 . 2008-04-18 10:27 102,400 --a------ C:\WINDOWS\system32\nmbwhkjk.exe
2008-04-11 17:46 . 2008-04-11 17:46 334,848 --a------ C:\WINDOWS\system32\myss_sb.dll
2008-04-09 22:31 . 2008-04-14 17:40 89,070 --a------ C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-04-03 11:26 . 2008-04-03 11:26 16,560 -r-hs---- C:\Program Files\tmp42015.exe
2008-04-02 22:13 . 2008-04-02 22:13 16,560 -r-hs---- C:\Program Files\tmp57140.exe
2008-04-02 22:13 . 2008-04-02 22:13 16,560 -r-hs---- C:\Program Files\tmp42500.exe
2008-04-02 19:43 . 2008-04-02 19:43 16,560 -r-hs---- C:\Program Files\tmp61140.exe
2008-04-02 19:43 . 2008-04-02 19:43 16,560 -r-hs---- C:\Program Files\tmp55437.exe
2008-04-02 14:20 . 2008-04-02 14:20 16,560 -r-hs---- C:\Program Files\tmp57453.exe
2008-04-02 14:19 . 2008-04-02 14:19 16,560 -r-hs---- C:\Program Files\tmp43281.exe
2008-04-02 11:32 . 2008-04-02 11:32 16,560 -r-hs---- C:\Program Files\tmp59015.exe
2008-04-02 11:32 . 2008-04-02 11:32 16,560 -r-hs---- C:\Program Files\tmp43656.exe
2008-04-02 09:38 . 2008-04-02 09:38 16,560 -r-hs---- C:\Program Files\tmp60671.exe
2008-04-02 09:38 . 2008-04-02 09:38 16,560 -r-hs---- C:\Program Files\tmp54593.exe
2008-04-02 09:26 . 2008-04-02 09:26 16,560 -r-hs---- C:\Program Files\tmp57062.exe
2008-04-02 09:25 . 2008-04-02 09:25 16,560 -r-hs---- C:\Program Files\tmp42687.exe
2008-04-01 22:18 . 2008-04-01 22:18 16,560 -r-hs---- C:\Program Files\tmp56671.exe
2008-04-01 17:29 . 2008-04-01 17:29 16,560 -r-hs---- C:\Program Files\tmp55156.exe
2008-04-01 13:29 . 2008-04-01 13:29 16,560 -r-hs---- C:\Program Files\tmp60812.exe
2008-04-01 13:28 . 2008-04-01 13:28 16,560 -r-hs---- C:\Program Files\tmp55687.exe
2008-04-01 08:37 . 2008-04-01 08:37 16,560 -r-hs---- C:\Program Files\tmp47500.exe
2008-04-01 08:37 . 2008-04-01 08:37 16,560 -r-hs---- C:\Program Files\tmp42406.exe
2008-03-31 23:56 . 2008-03-31 23:56 16,560 -r-hs---- C:\Program Files\tmp47968.exe
2008-03-31 23:56 . 2008-03-31 23:56 16,560 -r-hs---- C:\Program Files\tmp42265.exe
2008-03-31 19:24 . 2008-03-31 19:24 16,560 -r-hs---- C:\Program Files\tmp48734.exe
2008-03-31 19:24 . 2008-03-31 19:24 16,560 -r-hs---- C:\Program Files\tmp43609.exe
2008-03-31 10:43 . 2008-03-31 10:43 16,560 -r-hs---- C:\Program Files\tmp63187.exe
2008-03-31 10:43 . 2008-03-31 10:43 16,560 -r-hs---- C:\Program Files\tmp56406.exe
2008-03-31 10:28 . 2008-03-31 10:28 16,560 -r-hs---- C:\Program Files\tmp49421.exe
2008-03-31 10:27 . 2008-03-31 10:27 16,560 -r-hs---- C:\Program Files\tmp44015.exe
2008-03-31 00:50 . 2008-03-31 00:50 268 --ah----- C:\sqmdata05.sqm
2008-03-31 00:50 . 2008-03-31 00:50 244 --ah----- C:\sqmnoopt05.sqm
2008-03-30 23:50 . 2008-03-30 23:50 16,560 -r-hs---- C:\Program Files\tmp57218.exe
2008-03-30 23:50 . 2008-03-30 23:50 16,560 -r-hs---- C:\Program Files\tmp42593.exe
2008-03-30 18:38 . 2008-03-30 18:38 16,560 -r-hs---- C:\Program Files\tmp61109.exe
2008-03-30 18:38 . 2008-03-30 18:38 16,560 -r-hs---- C:\Program Files\tmp55500.exe
2008-03-30 18:20 . 2008-03-30 18:20 16,560 -r-hs---- C:\Program Files\tmp48109.exe
2008-03-30 18:20 . 2008-03-30 18:20 16,560 -r-hs---- C:\Program Files\tmp42640.exe
2008-03-29 13:12 . 2008-03-29 13:12 16,560 -r-hs---- C:\Program Files\tmp62078.exe
2008-03-29 13:12 . 2008-03-29 13:12 16,560 -r-hs---- C:\Program Files\tmp56828.exe
2008-03-29 11:24 . 2008-03-29 11:24 16,560 -r-hs---- C:\Program Files\tmp47781.exe
2008-03-29 11:23 . 2008-03-29 11:23 16,560 -r-hs---- C:\Program Files\tmp42375.exe
2008-03-28 23:11 . 2008-03-28 23:11 16,560 -r-hs---- C:\Program Files\tmp58609.exe
2008-03-28 23:11 . 2008-03-28 23:11 16,560 -r-hs---- C:\Program Files\tmp43031.exe
2008-03-28 20:57 . 2008-03-28 20:57 <REP> d-------- C:\Logs
2008-03-28 18:36 . 2008-03-28 18:36 16,560 -r-hs---- C:\Program Files\tmp48484.exe
2008-03-28 18:35 . 2008-03-28 18:35 16,560 -r-hs---- C:\Program Files\tmp43156.exe
2008-03-28 16:39 . 2008-03-28 16:39 16,560 -r-hs---- C:\Program Files\tmp49000.exe
2008-03-28 16:39 . 2008-03-28 16:39 16,560 -r-hs---- C:\Program Files\tmp43296.exe
2008-03-27 14:50 . 2008-03-27 14:50 16,560 -r-hs---- C:\Program Files\tmp64171.exe
2008-03-27 14:49 . 2008-03-27 14:49 16,560 -r-hs---- C:\Program Files\tmp58750.exe
2008-03-27 14:45 . 2008-03-27 14:45 16,560 -r-hs---- C:\Program Files\tmp63875.exe
2008-03-27 14:45 . 2008-03-27 14:45 16,560 -r-hs---- C:\Program Files\tmp58328.exe
2008-03-27 11:41 . 2008-03-27 11:41 16,560 -r-hs---- C:\Program Files\tmp61343.exe
2008-03-27 11:41 . 2008-03-27 11:41 16,560 -r-hs---- C:\Program Files\tmp54968.exe
2008-03-27 09:56 . 2008-03-27 09:56 16,560 -r-hs---- C:\Program Files\tmp63859.exe
2008-03-27 09:56 . 2008-03-27 09:56 16,560 -r-hs---- C:\Program Files\tmp58156.exe
2008-03-26 23:31 . 2008-03-26 23:31 16,560 -r-hs---- C:\Program Files\tmp56015.exe
2008-03-26 23:31 . 2008-03-26 23:31 16,560 -r-hs---- C:\Program Files\tmp42281.exe
2008-03-26 20:23 . 2008-03-26 20:23 16,560 -r-hs---- C:\Program Files\tmp47703.exe
2008-03-26 20:23 . 2008-03-26 20:23 16,560 -r-hs---- C:\Program Files\tmp41953.exe
2008-03-26 17:51 . 2008-03-26 17:51 16,560 -r-hs---- C:\Program Files\tmp47718.exe
2008-03-26 17:51 . 2008-03-26 17:51 16,560 -r-hs---- C:\Program Files\tmp42578.exe
2008-03-26 15:26 . 2008-03-26 15:26 16,560 -r-hs---- C:\Program Files\tmp48875.exe
2008-03-26 15:26 . 2008-03-26 15:26 16,560 -r-hs---- C:\Program Files\tmp43578.exe
2008-03-26 13:05 . 2008-03-26 13:05 16,560 -r-hs---- C:\Program Files\tmp47609.exe
2008-03-26 13:05 . 2008-03-26 13:05 16,560 -r-hs---- C:\Program Files\tmp42343.exe
2008-03-25 21:17 . 2008-03-25 21:17 16,560 -r-hs---- C:\Program Files\tmp61828.exe
2008-03-25 21:16 . 2008-03-25 21:16 16,560 -r-hs---- C:\Program Files\tmp55781.exe
2008-03-25 18:56 . 2008-03-25 18:56 16,560 -r-hs---- C:\Program Files\tmp48265.exe
2008-03-25 18:56 . 2008-03-25 18:56 16,560 -r-hs---- C:\Program Files\tmp43078.exe
2008-03-25 17:20 . 2008-03-25 17:20 16,560 -r-hs---- C:\Program Files\tmp46390.exe
2008-03-25 17:19 . 2008-03-25 17:19 16,560 -r-hs---- C:\Program Files\tmp40468.exe
2008-03-25 09:55 . 2008-03-25 09:55 16,560 -r-hs---- C:\Program Files\tmp57031.exe
2008-03-25 09:55 . 2008-03-25 09:55 16,560 -r-hs---- C:\Program Files\tmp42156.exe
2008-03-24 20:09 . 2008-03-24 20:09 16,560 -r-hs---- C:\Program Files\tmp48171.exe
2008-03-24 20:09 . 2008-03-24 20:09 16,560 -r-hs---- C:\Program Files\tmp42765.exe
2008-03-22 15:54 . 2008-03-22 15:54 16,560 -r-hs---- C:\Program Files\tmp49046.exe
2008-03-22 15:53 . 2008-03-22 15:53 16,560 -r-hs---- C:\Program Files\tmp43828.exe
2008-03-22 14:04 . 2008-03-22 14:04 16,560 -r-hs---- C:\Program Files\tmp48078.exe
2008-03-22 14:04 . 2008-03-22 14:04 16,560 -r-hs---- C:\Program Files\tmp42453.exe
2008-03-22 10:49 . 2008-03-22 10:49 16,560 -r-hs---- C:\Program Files\tmp61687.exe
2008-03-22 10:49 . 2008-03-22 10:49 16,560 -r-hs---- C:\Program Files\tmp56593.exe
2008-03-21 23:10 . 2008-03-21 23:10 16,560 -r-hs---- C:\Program Files\tmp61218.exe
2008-03-21 23:10 . 2008-03-21 23:10 16,560 -r-hs---- C:\Program Files\tmp54812.exe
2008-03-21 20:18 . 2008-03-21 20:18 16,560 -r-hs---- C:\Program Files\tmp61843.exe
2008-03-21 20:18 . 2008-03-21 20:18 16,560 -r-hs---- C:\Program Files\tmp55375.exe
2008-03-21 13:12 . 2008-03-21 13:12 16,560 -r-hs---- C:\Program Files\tmp61250.exe
2008-03-21 13:11 . 2008-03-21 13:11 16,560 -r-hs---- C:\Program Files\tmp56031.exe
2008-03-21 11:26 . 2008-03-21 11:26 16,560 -r-hs---- C:\Program Files\tmp59562.exe
2008-03-21 11:26 . 2008-03-21 11:26 16,560 -r-hs---- C:\Program Files\tmp53671.exe
2008-03-21 09:27 . 2008-03-21 09:27 16,560 -r-hs---- C:\Program Files\tmp57421.exe
2008-03-21 09:26 . 2008-03-21 09:26 16,560 -r-hs---- C:\Program Files\tmp42140.exe
2008-03-20 20:25 . 2008-03-20 20:25 16,560 -r-hs---- C:\Program Files\tmp47296.exe
2008-03-20 20:24 . 2008-03-20 20:24 16,560 -r-hs---- C:\Program Files\tmp42125.exe
2008-03-20 16:37 . 2008-03-20 16:37 471,040 --a------ C:\WINDOWS\system32\Ston3D.ocx
2008-03-20 11:00 . 2008-03-20 11:00 16,560 -r-hs---- C:\Program Files\tmp60968.exe
2008-03-20 11:00 . 2008-03-20 11:00 16,560 -r-hs---- C:\Program Files\tmp55546.exe
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 11:19 --------- d-----w C:\Documents and Settings\bruno BLIN\Application Data\Nokia Multimedia Player
2008-04-07 07:34 --------- d-----w C:\Program Files\World of Warcraft
2008-03-29 11:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 21:29 16,560 --sh--r C:\Program Files\tmp46703.exe
2008-03-19 21:29 16,560 --sh--r C:\Program Files\tmp41437.exe
2008-03-19 17:40 16,560 --sh--r C:\Program Files\tmp48437.exe
2008-03-19 17:39 16,560 --sh--r C:\Program Files\tmp43109.exe
2008-03-19 15:35 16,560 --sh--r C:\Program Files\tmp46312.exe
2008-03-19 15:35 16,560 --sh--r C:\Program Files\tmp40484.exe
2008-03-19 13:01 16,560 --sh--r C:\Program Files\tmp55640.exe
2008-03-19 13:00 16,560 --sh--r C:\Program Files\tmp41187.exe
2008-03-19 08:52 16,560 --sh--r C:\Program Files\tmp46437.exe
2008-03-19 08:52 16,560 --sh--r C:\Program Files\tmp41312.exe
2008-03-18 14:24 84,729 ----a-w C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-03-18 11:14 16,560 --sh--r C:\Program Files\tmp62406.exe
2008-03-18 11:14 16,560 --sh--r C:\Program Files\tmp56656.exe
2008-03-18 07:32 16,560 --sh--r C:\Program Files\tmp47453.exe
2008-03-18 07:31 16,560 --sh--r C:\Program Files\tmp42046.exe
2008-03-17 21:01 16,560 --sh--r C:\Program Files\tmp43258046.exe
2008-03-17 09:01 16,560 --sh--r C:\Program Files\tmp47437.exe
2008-03-17 09:01 16,560 --sh--r C:\Program Files\tmp42078.exe
2008-03-16 21:47 16,560 --sh--r C:\Program Files\tmp47921.exe
2008-03-16 21:47 16,560 --sh--r C:\Program Files\tmp42718.exe
2008-03-16 19:00 --------- d-----w C:\Program Files\Warcraft III
2008-03-16 18:12 16,560 --sh--r C:\Program Files\tmp62640.exe
2008-03-16 18:12 16,560 --sh--r C:\Program Files\tmp54109.exe
2008-03-16 09:14 16,560 --sh--r C:\Program Files\tmp110203.exe
2008-03-16 09:14 16,560 --sh--r C:\Program Files\tmp102781.exe
2008-03-16 08:56 16,560 --sh--r C:\Program Files\tmp61375.exe
2008-03-16 08:56 16,560 --sh--r C:\Program Files\tmp55921.exe
2008-03-16 08:27 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-03-16 08:27 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-16 08:27 --------- d-----w C:\Documents and Settings\bruno BLIN\Application Data\TuneUp Software
2008-03-16 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-16 08:07 16,560 --sh--r C:\Program Files\tmp61234.exe
2008-03-16 08:07 16,560 --sh--r C:\Program Files\tmp55281.exe
2008-03-15 21:51 16,560 --sh--r C:\Program Files\tmp98687.exe
2008-03-15 21:51 16,560 --sh--r C:\Program Files\tmp92968.exe
2008-03-15 01:01 --------- d-----w C:\Program Files\Windows Live
2008-03-15 01:01 --------- d-----w C:\Documents and Settings\bruno BLIN\Application Data\Shareaza
2008-03-15 01:01 --------- d-----w C:\Documents and Settings\bruno BLIN\Application Data\Hulabee
2008-03-15 01:01 --------- d-----w C:\Documents and Settings\bruno BLIN\Application Data\DivX
2008-03-15 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-03-15 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-15 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2008-03-15 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\FloodLightGames
2008-03-15 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-15 00:53 --------- d-----w C:\Program Files\eMule
2008-03-15 00:53 --------- d-----w C:\Program Files\DivX
2008-03-15 00:48 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-03-15 00:46 --------- d-----w C:\Program Files\Bonjour
2008-03-15 00:46 --------- d-----w C:\Program Files\Apple Software Update
2008-03-15 00:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-15 00:45 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-03-15 00:45 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-03-15 00:45 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-03-15 00:45 --------- d-----w C:\Program Files\DIFX
2008-03-15 00:45 --------- d-----w C:\Documents and Settings\bruno BLIN\Application Data\Nokia
2008-03-15 00:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-03-15 00:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-15 00:44 --------- d-----w C:\Program Files\Nokia
2008-03-15 00:40 --------- d-----w C:\Program Files\Photo Story 3 for Windows
2008-03-15 00:39 --------- d-----w C:\Program Files\PhotoFiltre
2008-03-15 00:34 --------- d-----w C:\Program Files\CDBurnerXP Pro 3
2008-03-15 00:33 --------- d-----w C:\Program Files\FinePixViewer
2008-03-15 00:33 --------- d-----w C:\Program Files\Fichiers communs\Sandlot Shared
2008-03-12 19:20 16,560 --sh--r C:\Program Files\tmp41035171.exe
2008-03-12 19:20 16,560 --sh--r C:\Program Files\tmp41030140.exe
2008-03-05 12:51 --------- d-----w C:\Documents and Settings\bruno BLIN\Application Data\PlayFirst
2008-03-03 12:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecretsOfOlympus
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 17:48 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-13 17:45 319 ----a-w C:\drmHeader.bin
2008-02-08 12:24 40,730 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-01-25 08:52 680 ----a-w C:\Program Files\mpc2.reg
2007-01-25 08:52 596 ----a-w C:\Program Files\mpc1.reg
2007-01-25 08:52 4,704 ----a-w C:\Program Files\satsukidecodersettings.ini
2007-01-25 08:52 30,772 ----a-w C:\Program Files\ffdsvsetts.reg
2007-01-25 08:52 3,476 ----a-w C:\Program Files\mpc7.reg
2007-01-25 08:52 3,026 ----a-w C:\Program Files\mpc3.reg
2007-01-25 08:52 18,156 ----a-w C:\Program Files\mpc6.reg
2007-01-25 08:52 16,290 ----a-w C:\Program Files\mpc5.reg
2007-01-25 08:52 1,780 ----a-w C:\Program Files\mpc4.reg
2007-01-25 08:52 1,446 ----a-w C:\Program Files\ffdssetts.reg
2007-01-25 08:52 1,172 ----a-w C:\Program Files\ffdsasetts.reg
2007-01-16 22:29 81,920 ----a-w C:\Documents and Settings\bruno BLIN\Application Data\ezpinst.exe
2007-01-16 22:29 47,360 ----a-w C:\Documents and Settings\bruno BLIN\Application Data\pcouffin.sys
2006-10-01 19:21 94,080 ----a-w C:\Documents and Settings\bruno BLIN\Application Data\ezplay.sys
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2007-01-30 12:52 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.
((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6156A32A-C512-4e23-AA9A-2315F4265681}]
2008-04-11 17:46 334848 --a------ C:\WINDOWS\system32\myss_sb.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 16:53 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"jgdcmxnh"="C:\WINDOWS\system32\nmbwhkjk.exe" [2008-04-18 10:27 102400]
"rezltnex"="C:\WINDOWS\system32\xghgbine.exe" [2008-04-20 16:04 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 18:16 376912]
"vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 17:21 61440]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [2003-09-23 18:49 20480]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"Cmaudio"="cmicnfg.cpl" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 16:10 271360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"aeAzUwh6KI"= C:\Documents and Settings\All Users\Application Data\ludehwpc\lurstgvi.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.3.7799-to-2.4.0.8089-frFR-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Dowloarder
"6346:TCP"= 6346:TCP:shareaza
"6346:UDP"= 6346:UDP:shareaza
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 14:00]
S2 cdenable;cdenable;C:\WINDOWS\system32\Drivers\cdenable.sys []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-03-19 10:53]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2008-04-14 14:30:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-18 15:16:40 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 16:04:41
Windows 5.1.2600 Service Pack 2 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
C:\WINDOWS\system32\xghgbine.exe 102400 bytes executable
Scan completed successfully
Hidden files: 43
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2008-04-20 16:11:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-20 14:11:40
Pre-Run: 4,053,946,368 bytes free
Post-Run: 6,532,423,680 bytes free
416 --- E O F --- 2008-04-11 23:53:20
Equipe Sécurité
RE
Please print this procedure, because you will not have Internet access during it. I also advise printing the Malwarebytes' tutorial.
Download Malwarebytes' Anti-Malware.
tutorial: http://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
Install it, update it, and that's all.
Download CCleaner Slim, install it, and that's all.
Copy the text inside the box below:
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6156A32A-C512-4e23-AA9A-2315F4265681}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jgdcmxnh"=-
"rezltnex"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"aeAzUwh6KI"=-
File::
C:\WINDOWS\system32\xghgbine.exe
C:\WINDOWS\system32\srnpduiv.ini
C:\WINDOWS\pmsoarbf.dll
C:\WINDOWS\npqtsrak.exe
C:\WINDOWS\system32\nmbwhkjk.exe
C:\WINDOWS\system32\myss_sb.dll
Folder::
C:\Documents and Settings\All Users\Application Data\ludehwpc
- Open Notepad: Start > All Programs > Accessories > Notepad
- Paste the text into it
- Save this file to: Desktop
- File name: CFScript
- File type: All files !!
- Click Save
- Close Notepad
Restart in Safe Mode and stay there until the end of the procedure.
With CCleaner Slim:
Click "Options", "Advanced" and untick "Only delete files in Windows Temp folders older than 48 hours". Click the "Cleaner" tab, then "Run Cleaner".
Then click the "Registry" tab, click "Scan for Issues", then "Fix selected issues". There is no need to back up the keys.
With ComboFix:
/!\ Disable your resident protections during the procedure /!\
Drag and drop the CFScript file onto the ComboFix.exe file, as shown in the screenshot HERE
This will relaunch ComboFix: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed; save it.
If the file does not open, it is located here: C:\ComboFix.txt
Stay in Safe Mode.
Run a scan with Malwarebytes' Anti-Malware and delete everything it finds, then save the report to the desktop.
Restart in normal mode and post the reports:
- ComboFix, located at C:\ComboFix.txt
- Malwarebytes', located on the desktop
- Run a new scan with HijackThis (in normal mode).
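How the helper gets from the ComboFix report above to the Registry:: and File:: entries of that CFScript can be made mechanical. The script below is an added example, not code from this thread, from ComboFix or from PC Astuces. It parses the two parts of the report that carry the evidence, the "files created" listing (`<ctime> . <mtime> <size> <attrs> <path>`) and the Run-key dump (`"name"="path" [date size]`), and applies three signals that are visible in the log by eye: an eight-lowercase-letter file name dropped into the Windows directories, a cluster of byte-identical hidden+system files (the 16,560-byte tmpNNNNN.exe series), and an autostart value whose name, target or location follows the same pattern. SAMPLE_REPORT is constructed from the report above; the KNOWN_GOOD allowlist, the eight-letter naming rule and the MIN_CLUSTER threshold are illustrative assumptions, not ComboFix logic.

```python
"""Triage heuristics for a ComboFix-style report (added example, not ComboFix code)."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# "files created" line: <ctime> . <mtime> <size|<REP>> <9-char attrs> <path>
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(<REP>|[\d,]+)\s+([-a-z]{9})\s+(.+?)\s*$")
KEY_RE = re.compile(r"^\[(.+)\]$")                         # [HKEY_...\Run]
RUN_RE = re.compile(r'^"([^"]+)"=\s*"?([^"\[]+?)"?\s*(?:\[.*\])?$')  # "name"="path" [..]
RANDOM_FILE_RE = re.compile(r"^[a-z]{8}\.(exe|dll|ini)$")  # nmbwhkjk.exe, pmsoarbf.dll, ...
RANDOM_VALUE_RE = re.compile(r"^[a-z]{8}$")               # jgdcmxnh, rezltnex
KNOWN_GOOD = {"explorer.exe", "services.exe", "winlogon.exe"}  # assumed allowlist of 8-letter Windows binaries
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}
MIN_CLUSTER = 3  # assumed: identical hidden+system files before we call it a drop pattern

# Constructed from the report posted in the thread; not a full log.
SAMPLE_REPORT = r"""
2008-04-20 16:04 . 2008-04-20 16:04 102,400 --a------ C:\WINDOWS\system32\xghgbine.exe
2008-04-18 22:47 . 2008-04-19 22:48 1,541,313 ---hs---- C:\WINDOWS\system32\srnpduiv.ini
2008-04-18 10:28 . 2008-04-16 10:07 290,816 --a------ C:\WINDOWS\pmsoarbf.dll
2008-04-18 10:27 . 2008-04-18 10:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ludehwpc
2008-04-18 10:27 . 2008-04-18 10:27 102,400 --a------ C:\WINDOWS\system32\nmbwhkjk.exe
2008-04-03 11:26 . 2008-04-03 11:26 16,560 -r-hs---- C:\Program Files\tmp42015.exe
2008-04-02 22:13 . 2008-04-02 22:13 16,560 -r-hs---- C:\Program Files\tmp57140.exe
2008-04-02 22:13 . 2008-04-02 22:13 16,560 -r-hs---- C:\Program Files\tmp42500.exe
2008-04-02 19:43 . 2008-04-02 19:43 16,560 -r-hs---- C:\Program Files\tmp61140.exe
2008-03-31 00:50 . 2008-03-31 00:50 268 --ah----- C:\sqmdata05.sqm
2008-03-20 16:37 . 2008-03-20 16:37 471,040 --a------ C:\WINDOWS\system32\Ston3D.ocx
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"jgdcmxnh"="C:\WINDOWS\system32\nmbwhkjk.exe" [2008-04-18 10:27 102400]
"rezltnex"="C:\WINDOWS\system32\xghgbine.exe" [2008-04-20 16:04 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"Cmaudio"="cmicnfg.cpl" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"aeAzUwh6KI"= C:\Documents and Settings\All Users\Application Data\ludehwpc\lurstgvi.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\rundll32.exe"=
"""


def parse_report(text):
    """Return (files, runs): file dicts, and (key, value_name, target) for values under *\\Run keys."""
    files, runs, current_key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            ctime, mtime, size, attrs, path = m.groups()
            files.append({"ctime": ctime, "mtime": mtime, "attrs": attrs, "path": path,
                          "size": None if size == "<REP>" else int(size.replace(",", ""))})
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            runs.append((current_key, m.group(1), m.group(2).strip()))
    return files, runs


def is_random_name(path):
    name = PureWindowsPath(path).name.lower()
    return bool(RANDOM_FILE_RE.match(name)) and name not in KNOWN_GOOD


def in_system_dir(path):
    return str(PureWindowsPath(path).parent).lower() in SYSTEM_DIRS


def triage_files(files):
    findings = []
    # Signal 1: random eight-letter binary or ini dropped into %SystemRoot% or system32.
    for f in files:
        if f["size"] is not None and in_system_dir(f["path"]) and is_random_name(f["path"]):
            findings.append(("random-name-in-system-dir", f["path"]))
    # Signal 2: many byte-identical hidden+system files in one directory, i.e. a
    # dropper re-writing the same payload under fresh tmpNNNNN names.
    clusters = defaultdict(list)
    for f in files:
        if f["size"] is not None and "h" in f["attrs"] and "s" in f["attrs"]:
            clusters[(str(PureWindowsPath(f["path"]).parent), f["size"])].append(f["path"])
    for (parent, size), paths in clusters.items():
        if len(paths) >= MIN_CLUSTER:
            findings.append(("hidden-system-cluster", f"{parent}: {len(paths)} files of {size} bytes"))
    return findings


def triage_runs(runs):
    findings = []
    for key, name, target in runs:
        reasons = []
        if RANDOM_VALUE_RE.match(name):
            reasons.append("random value name")
        if is_random_name(target):
            reasons.append("random target name")
        if "policies\\explorer\\run" in key.lower():
            reasons.append("policy Run key, rarely used by legitimate software")
        if re.fullmatch(r"[a-z]{8}", PureWindowsPath(target).parent.name.lower()) \
                and "application data" in target.lower():
            reasons.append("random folder under Application Data")
        if reasons:
            findings.append(("suspicious-autostart", f"{name} -> {target} ({'; '.join(reasons)})"))
    return findings


def triage(text):
    files, runs = parse_report(text)
    return triage_files(files) + triage_runs(runs)


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_REPORT):
        print(f"{kind:28} {detail}")
```

Every line the script flags on the sample is one the helper put into the CFScript (xghgbine.exe, srnpduiv.ini, pmsoarbf.dll, nmbwhkjk.exe, the two random HKCU Run values and the policies\explorer\run value pointing into ludehwpc). The tmp*.exe cluster is reported as a pattern rather than as sixty File:: lines; on a real case the Find3M section, which uses a different line format, and the BHO entry would need their own parsers, and an allowlist of known-good hashes would replace the name-based KNOWN_GOOD set.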
ComboFix 08-04-18.3 - bruno BLIN 2008-04-20 16:51:38.3 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.611 [GMT 2:00]
Location: C:\Documents and Settings\bruno BLIN\Bureau\ComboFix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
((((((((((((((((((((((((((((( Files created 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))))))))
.
2008-04-20 16:43 . 2008-04-20 16:43 102,400 --a------ C:\WINDOWS\system32\sdyhgfyh.exe
2008-04-20 16:33 . 2008-04-20 16:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-20 16:27 . 2008-04-20 16:27 <REP> d-------- C:\Program Files\Yahoo!
2008-04-20 16:27 . 2008-04-20 16:27 <REP> d-------- C:\Program Files\CCleaner
2008-04-20 16:24 . 2008-04-20 16:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-20 16:24 . 2008-04-20 16:24 <REP> d-------- C:\Documents and Settings\bruno BLIN\Application Data\Malwarebytes
2008-04-20 16:24 . 2008-04-20 16:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-20 16:04 . 2008-04-20 16:04 102,400 --a------ C:\WINDOWS\system32\xghgbine.exe
2008-04-20 13:43 . 2008-04-20 13:43 <REP> d-------- C:\Program Files\Trend Micro
2008-04-20 12:49 . 2008-04-20 15:03 <REP> d-------- C:\Program Files\Navilog1
2008-04-19 13:56 . 2008-04-19 13:56 <REP> d-------- C:\Program Files\StoneTrip
2008-04-19 13:56 . 2008-04-19 13:56 <REP> d-------- C:\Documents and Settings\bruno BLIN\Application Data\StoneTrip
2008-04-18 22:47 . 2008-04-19 22:48 1,541,313 ---hs---- C:\WINDOWS\system32\srnpduiv.ini
2008-04-18 10:28 . 2008-04-16 10:07 290,816 --a------ C:\WINDOWS\pmsoarbf.dll
2008-04-18 10:28 . 2008-04-16 10:07 98,304 --a------ C:\WINDOWS\npqtsrak.exe
2008-04-18 10:27 . 2008-04-18 10:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ludehwpc
2008-04-18 10:27 . 2008-04-18 10:27 102,400 --a------ C:\WINDOWS\system32\nmbwhkjk.exe
2008-04-11 17:46 . 2008-04-11 17:46 334,848 --a------ C:\WINDOWS\system32\myss_sb.dll
2008-04-09 22:31 . 2008-04-14 17:40 89,070 --a------ C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-04-03 11:26 . 2008-04-03 11:26 16,560 -r-hs---- C:\Program Files\tmp42015.exe
2008-04-02 22:13 . 2008-04-02 22:13 16,560 -r-hs---- C:\Program Files\tmp57140.exe
2008-04-02 22:13 . 2008-04-02 22:13 16,560 -r-hs---- C:\Program Files\tmp42500.exe
2008-04-02 19:43 . 2008-04-02 19:43 16,560 -r-hs---- C:\Program Files\tmp61140.exe
2008-04-02 19:43 . 2008-04-02 19:43 16,560 -r-hs---- C:\Program Files\tmp55437.exe
2008-04-02 14:20 . 2008-04-02 14:20 16,560 -r-hs---- C:\Program Files\tmp57453.exe
2008-04-02 14:19 . 2008-04-02 14:19 16,560 -r-hs---- C:\Program Files\tmp43281.exe
2008-04-02 11:32 . 2008-04-02 11:32 16,560 -r-hs---- C:\Program Files\tmp59015.exe
2008-04-02 11:32 . 2008-04-02 11:32 16,560 -r-hs---- C:\Program Files\tmp43656.exe
2008-04-02 09:38 . 2008-04-02 09:38 16,560 -r-hs---- C:\Program Files\tmp60671.exe
2008-04-02 09:38 . 2008-04-02 09:38 16,560 -r-hs---- C:\Program Files\tmp54593.exe
2008-04-02 09:26 . 2008-04-02 09:26 16,560 -r-hs---- C:\Program Files\tmp57062.exe
2008-04-02 09:25 . 2008-04-02 09:25 16,560 -r-hs---- C:\Program Files\tmp42687.exe
2008-04-01 22:18 . 2008-04-01 22:18 16,560 -r-hs---- C:\Program Files\tmp56671.exe
2008-04-01 17:29 . 2008-04-01 17:29 16,560 -r-hs---- C:\Program Files\tmp55156.exe
2008-04-01 13:29 . 2008-04-01 13:29 16,560 -r-hs---- C:\Program Files\tmp60812.exe
2008-04-01 13:28 . 2008-04-01 13:28 16,560 -r-hs---- C:\Program Files\tmp55687.exe
2008-04-01 08:37 . 2008-04-01 08:37 16,560 -r-hs---- C:\Program Files\tmp47500.exe
2008-04-01 08:37 . 2008-04-01 08:37 16,560 -r-hs---- C:\Program Files\tmp42406.exe
2008-03-31 23:56 . 2008-03-31 23:56 16,560 -r-hs---- C:\Program Files\tmp47968.exe
2008-03-31 23:56 . 2008-03-31 23:56 16,560 -r-hs---- C:\Program Files\tmp42265.exe
2008-03-31 19:24 . 2008-03-31 19:24 16,560 -r-hs---- C:\Program Files\tmp48734.exe
2008-03-31 19:24 . 2008-03-31 19:24 16,560 -r-hs---- C:\Program Files\tmp43609.exe
2008-03-31 10:43 . 2008-03-31 10:43 16,560 -r-hs---- C:\Program Files\tmp63187.exe
2008-03-31 10:43 . 2008-03-31 10:43 16,560 -r-hs---- C:\Program Files\tmp56406.exe
2008-03-31 10:28 . 2008-03-31 10:28 16,560 -r-hs---- C:\Program Files\tmp49421.exe
2008-03-31 10:27 . 2008-03-31 10:27 16,560 -r-hs---- C:\Program Files\tmp44015.exe
2008-03-31 00:50 . 2008-03-31 00:50 268 --ah----- C:\sqmdata05.sqm
2008-03-31 00:50 . 2008-03-31 00:50 244 --ah----- C:\sqmnoopt05.sqm
2008-03-30 23:50 . 2008-03-30 23:50 16,560 -r-hs---- C:\Program Files\tmp57218.exe
2008-03-30 23:50 . 2008-03-30 23:50 16,560 -r-hs---- C:\Program Files\tmp42593.exe
2008-03-30 18:38 . 2008-03-30 18:38 16,560 -r-hs---- C:\Program Files\tmp61109.exe
2008-03-30 18:38 . 2008-03-30 18:38 16,560 -r-hs---- C:\Program Files\tmp55500.exe
2008-03-30 18:20 . 2008-03-30 18:20 16,560 -r-hs---- C:\Program Files\tmp48109.exe
2008-03-30 18:20 . 2008-03-30 18:20 16,560 -r-hs---- C:\Program Files\tmp42640.exe
2008-03-29 13:12 . 2008-03-29 13:12 16,560 -r-hs---- C:\Program Files\tmp62078.exe
2008-03-29 13:12 . 2008-03-29 13:12 16,560 -r-hs---- C:\Program Files\tmp56828.exe
2008-03-29 11:24 . 2008-03-29 11:24 16,560 -r-hs---- C:\Program Files\tmp47781.exe
2008-03-29 11:23 . 2008-03-29 11:23 16,560 -r-hs---- C:\Program Files\tmp42375.exe
2008-03-28 23:11 . 2008-03-28 23:11 16,560 -r-hs---- C:\Program Files\tmp58609.exe
2008-03-28 23:11 . 2008-03-28 23:11 16,560 -r-hs---- C:\Program Files\tmp43031.exe
2008-03-28 20:57 . 2008-03-28 20:57 <REP> d-------- C:\Logs
2008-03-28 18:36 . 2008-03-28 18:36 16,560 -r-hs---- C:\Program Files\tmp48484.exe
2008-03-28 18:35 . 2008-03-28 18:35 16,560 -r-hs---- C:\Program Files\tmp43156.exe
2008-03-28 16:39 . 2008-03-28 16:39 16,560 -r-hs---- C:\Program Files\tmp49000.exe
2008-03-28 16:39 . 2008-03-28 16:39 16,560 -r-hs---- C:\Program Files\tmp43296.exe
2008-03-27 14:50 . 2008-03-27 14:50 16,560 -r-hs---- C:\Program Files\tmp64171.exe
2008-03-27 14:49 . 2008-03-27 14:49 16,560 -r-hs---- C:\Program Files\tmp58750.exe
2008-03-27 14:45 . 2008-03-27 14:45 16,560 -r-hs---- C:\Program Files\tmp63875.exe
2008-03-27 14:45 . 2008-03-27 14:45 16,560 -r-hs---- C:\Program Files\tmp58328.exe
2008-03-27 11:41 . 2008-03-27 11:41 16,560 -r-hs---- C:\Program Files\tmp61343.exe
2008-03-27 11:41 . 2008-03-27 11:41 16,560 -r-hs---- C:\Program Files\tmp54968.exe
2008-03-27 09:56 . 2008-03-27 09:56 16,560 -r-hs---- C:\Program Files\tmp63859.exe
2008-03-27 09:56 . 2008-03-27 09:56 16,560 -r-hs---- C:\Program Files\tmp58156.exe
2008-03-26 23:31 . 2008-03-26 23:31 16,560 -r-hs---- C:\Program Files\tmp56015.exe
2008-03-26 23:31 . 2008-03-26 23:31 16,560 -r-hs---- C:\Program Files\tmp42281.exe
2008-03-26 20:23 . 2008-03-26 20:23 16,560 -r-hs---- C:\Program Files\tmp47703.exe
2008-03-26 20:23 . 2008-03-26 20:23 16,560 -r-hs---- C:\Program Files\tmp41953.exe
2008-03-26 17:51 . 2008-03-26 17:51 16,560 -r-hs---- C:\Program Files\tmp47718.exe
2008-03-26 17:51 . 2008-03-26 17:51 16,560 -r-hs---- C:\Program Files\tmp42578.exe
2008-03-26 15:26 . 2008-03-26 15:26 16,560 -r-hs---- C:\Program Files\tmp48875.exe
2008-03-26 15:26 . 2008-03-26 15:26 16,560 -r-hs---- C:\Program Files\tmp43578.exe
2008-03-26 13:05 . 2008-03-26 13:05 16,560 -r-hs---- C:\Program Files\tmp47609.exe
2008-03-26 13:05 . 2008-03-26 13:05 16,560 -r-hs---- C:\Program Files\tmp42343.exe
2008-03-25 21:17 . 2008-03-25 21:17 16,560 -r-hs---- C:\Program Files\tmp61828.exe
2008-03-25 21:16 . 2008-03-25 21:16 16,560 -r-hs---- C:\Program Files\tmp55781.exe
2008-03-25 18:56 . 2008-03-25 18:56 16,560 -r-hs---- C:\Program Files\tmp48265.exe
2008-03-25 18:56 . 2008-03-25 18:56 16,560 -r-hs---- C:\Program Files\tmp43078.exe
2008-03-25 17:20 . 2008-03-25 17:20 16,560 -r-hs---- C:\Program Files\tmp46390.exe
2008-03-25 17:19 . 2008-03-25 17:19 16,560 -r-hs---- C:\Program Files\tmp40468.exe
2008-03-25 09:55 . 2008-03-25 09:55 16,560 -r-hs---- C:\Program Files\tmp57031.exe
2008-03-25 09:55 . 2008-03-25 09:55 16,560 -r-hs---- C:\Program Files\tmp42156.exe
2008-03-24 20:09 . 2008-03-24 20:09 16,560 -r-hs---- C:\Program Files\tmp48171.exe
2008-03-24 20:09 . 2008-03-24 20:09 16,560 -r-hs---- C:\Program Files\tmp42765.exe
2008-03-22 15:54 . 2008-03-22 15:54 16,560 -r-hs---- C:\Program Files\tmp49046.exe
2008-03-22 15:53 . 2008-03-22 15:53 16,560 -r-hs---- C:\Program Files\tmp43828.exe
2008-03-22 14:04 . 2008-03-22 14:04 16,560 -r-hs---- C:\Program Files\tmp48078.exe
2008-03-22 14:04 . 2008-03-22 14:04 16,560 -r-hs---- C:\Program Files\tmp42453.exe
2008-03-22 10:49 . 2008-03-22 10:49 16,560 -r-hs---- C:\Program Files\tmp61687.exe
2008-03-22 10:49 . 2008-03-22 10:49 16,560 -r-hs---- C:\Program Files\tmp56593.exe
2008-03-21 23:10 . 2008-03-21 23:10 16,560 -r-hs---- C:\Program Files\tmp61218.exe
2008-03-21 23:10 . 2008-03-21 23:10 16,560 -r-hs---- C:\Program Files\tmp54812.exe
2008-03-21 20:18 . 2008-03-21 20:18 16,560 -r-hs---- C:\Program Files\tmp61843.exe
2008-03-21 20:18 . 2008-03-21 20:18 16,560 -r-hs---- C:\Program Files\tmp55375.exe
2008-03-21 13:12 . 2008-03-21 13:12 16,560 -r-hs---- C:\Program Files\tmp61250.exe
2008-03-21 13:11 . 2008-03-21 13:11 16,560 -r-hs---- C:\Program Files\tmp56031.exe
2008-03-21 11:26 . 2008-03-21 11:26 16,560 -r-hs---- C:\Program Files\tmp59562.exe
2008-03-21 11:26 . 2008-03-21 11:26 16,560 -r-hs---- C:\Program Files\tmp53671.exe
2008-03-21 09:27 . 2008-03-21 09:27 16,560 -r-hs---- C:\Program Files\tmp57421.exe
2008-03-21 09:26 . 2008-03-21 09:26 16,560 -r-hs---- C:\Program Files\tmp42140.exe
2008-03-20 20:25 . 2008-03-20 20:25 16,560 -r-hs---- C:\Program Files\tmp47296.exe
2008-03-20 20:24 . 2008-03-20 20:24 16,560 -r-hs---- C:\Program Files\tmp42125.exe
2008-03-20 16:37 . 2008-03-20 16:37 471,040 --a------ C:\WINDOWS\system32\Ston3D.ocx
2008-03-20 11:00 . 2008-03-20 11:00 16,560 -r-hs---- C:\Program Files\tmp60968.exe
2008-03-20 11:00 . 2008-03-20 11:00 16,560 -r-hs---- C:\Program Files\tmp55546.exe
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 11:19 --------- d-----w C:\Documents and Settings\bruno BLIN\Application Data\Nokia Multimedia Player
2008-04-07 07:34 --------- d-----w C:\Program Files\World of Warcraft
2008-03-29 11:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 21:29 16,560 --sh--r C:\Program Files\tmp46703.exe
2008-03-19 21:29 16,560 --sh--r C:\Program Files\tmp41437.exe
2008-03-19 17:40 16,560 --sh--r C:\Program Files\tmp48437.exe
2008-03-19 17:39 16,560 --sh--r C:\Program Files\tmp43109.exe
2008-03-19 15:35 16,560 --sh--r C:\Program Files\tmp46312.exe
2008-03-19 15:35 16,560 --sh--r C:\Program Files\tmp40484.exe
2008-03-19 13:01 16,560 --sh--r C:\Program Files\tmp55640.exe
2008-03-19 13:00 16,560 --sh--r C:\Program Files\tmp41187.exe
2008-03-19 08:52 16,560 --sh--r C:\Program Files\tmp46437.exe
2008-03-19 08:52 16,560 --sh--r C:\Program Files\tmp41312.exe
2008-03-18 14:24 84,729 ----a-w C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-03-18 11:14 16,560 --sh--r C:\Program Files\tmp62406.exe
2008-03-18 11:14 16,560 --sh--r C:\Program Files\tmp56656.exe
2008-03-18 07:32 16,560 --sh--r C:\Program Files\tmp47453.exe
2008-03-18 07:31 16,560 --sh--r C:\Program Files\tmp42046.exe
2008-03-17 21:01 16,560 --sh--r C:\Program Files\tmp43258046.exe
2008-03-17 09:01 16,560 --sh--r C:\Program Files\tmp47437.exe
2008-03-17 09:01 16,560 --sh--r C:\Program Files\tmp42078.exe
2008-03-16 21:47 16,560 --sh--r C:\Program Files\tmp47921.exe
2008-03-16 21:47 16,560 --sh--r C:\Program Files\tmp42718.exe
2008-03-16 19:00 --------- d-----w C:\Program Files\Warcraft III
2008-03-16 18:12 16,560 --sh--r C:\Program Files\tmp62640.exe
2008-03-16 18:12 16,560 --sh--r C:\Program Files\tmp54109.exe
2008-03-16 09:14 16,560 --sh--r C:\Program Files\tmp110203.exe
2008-03-16 09:14 16,560 --sh--r C:\Program Files\tmp102781.exe
2008-03-16 08:56 16,560 --sh--r C:\Program Files\tmp61375.exe
2008-03-16 08:56 16,560 --sh--r C:\Program Files\tmp55921.exe
2008-03-16 08:27 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-03-16 08:27 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-16 08:27 --------- d-----w C:\Documents and Settings\bruno BLIN\Application Data\TuneUp Software
2008-03-16 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-16 08:07 16,560 --sh--r C:\Program Files\tmp61234.exe
2008-03-16 08:07 16,560 --sh--r C:\Program Files\tmp55281.exe
2008-03-15 21:51 16,560 --sh--r C:\Program Files\tmp98687.exe
2008-03-15 21:51 16,560 --sh--r C:\Program Files\tmp92968.exe
2008-03-15 01:01 --------- d-----w C:\Program Files\Windows Live
2008-03-15 01:01 --------- d-----w C:\Documents and Settings\bruno BLIN\Application Data\Shareaza
2008-03-15 01:01 --------- d-----w C:\Documents and Settings\bruno BLIN\Application Data\Hulabee
2008-03-15 01:01 --------- d-----w C:\Documents and Settings\bruno BLIN\Application Data\DivX
2008-03-15 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-03-15 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-15 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2008-03-15 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\FloodLightGames
2008-03-15 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-15 00:53 --------- d-----w C:\Program Files\eMule
2008-03-15 00:53 --------- d-----w C:\Program Files\DivX
2008-03-15 00:48 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-03-15 00:46 --------- d-----w C:\Program Files\Bonjour
2008-03-15 00:46 --------- d-----w C:\Program Files\Apple Software Update
2008-03-15 00:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-15 00:45 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-03-15 00:45 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-03-15 00:45 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-03-15 00:45 --------- d-----w C:\Program Files\DIFX
2008-03-15 00:45 --------- d-----w C:\Documents and Settings\bruno BLIN\Application Data\Nokia
2008-03-15 00:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-03-15 00:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-15 00:44 --------- d-----w C:\Program Files\Nokia
2008-03-15 00:40 --------- d-----w C:\Program Files\Photo Story 3 for Windows
2008-03-15 00:39 --------- d-----w C:\Program Files\PhotoFiltre
2008-03-15 00:34 --------- d-----w C:\Program Files\CDBurnerXP Pro 3
2008-03-15 00:33 --------- d-----w C:\Program Files\FinePixViewer
2008-03-15 00:33 --------- d-----w C:\Program Files\Fichiers communs\Sandlot Shared
2008-03-12 19:20 16,560 --sh--r C:\Program Files\tmp41035171.exe
2008-03-12 19:20 16,560 --sh--r C:\Program Files\tmp41030140.exe
2008-03-05 12:51 --------- d-----w C:\Documents and Settings\bruno BLIN\Application Data\PlayFirst
2008-03-03 12:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecretsOfOlympus
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 17:48 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-13 17:45 319 ----a-w C:\drmHeader.bin
2008-02-08 12:24 40,730 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-01-25 08:52 680 ----a-w C:\Program Files\mpc2.reg
2007-01-25 08:52 596 ----a-w C:\Program Files\mpc1.reg
2007-01-25 08:52 4,704 ----a-w C:\Program Files\satsukidecodersettings.ini
2007-01-25 08:52 30,772 ----a-w C:\Program Files\ffdsvsetts.reg
2007-01-25 08:52 3,476 ----a-w C:\Program Files\mpc7.reg
2007-01-25 08:52 3,026 ----a-w C:\Program Files\mpc3.reg
2007-01-25 08:52 18,156 ----a-w C:\Program Files\mpc6.reg
2007-01-25 08:52 16,290 ----a-w C:\Program Files\mpc5.reg
2007-01-25 08:52 1,780 ----a-w C:\Program Files\mpc4.reg
2007-01-25 08:52 1,446 ----a-w C:\Program Files\ffdssetts.reg
2007-01-25 08:52 1,172 ----a-w C:\Program Files\ffdsasetts.reg
2007-01-16 22:29 81,920 ----a-w C:\Documents and Settings\bruno BLIN\Application Data\ezpinst.exe
2007-01-16 22:29 47,360 ----a-w C:\Documents and Settings\bruno BLIN\Application Data\pcouffin.sys
2006-10-01 19:21 94,080 ----a-w C:\Documents and Settings\bruno BLIN\Application Data\ezplay.sys
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2007-01-30 12:52 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.
((((((((((((((((((((((((((((( snapshot@2008-04-20_16.11.26.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-20 14:03:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-20 14:46:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6156A32A-C512-4e23-AA9A-2315F4265681}]
2008-04-11 17:46 334848 --a------ C:\WINDOWS\system32\myss_sb.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 16:53 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"jgdcmxnh"="C:\WINDOWS\system32\nmbwhkjk.exe" [2008-04-18 10:27 102400]
"rezltnex"="C:\WINDOWS\system32\xghgbine.exe" [2008-04-20 16:04 102400]
"qsohnaaj"="C:\WINDOWS\system32\sdyhgfyh.exe" [2008-04-20 16:43 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 18:16 376912]
"vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 17:21 61440]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [2003-09-23 18:49 20480]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"Cmaudio"="cmicnfg.cpl" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 21:33 57344]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 16:10 271360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]
C:\Documents and Settings\bruno BLIN\Menu Démarrer\Programmes\Démarrage\
Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-01-30 11:06:18 5484544]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2006-02-15 04:48:14 3631752]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-12-24 20:30:13 282624]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2006-03-18 18:46:04 565248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"aeAzUwh6KI"= C:\Documents and Settings\All Users\Application Data\ludehwpc\lurstgvi.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.3.7799-to-2.4.0.8089-frFR-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Dowloarder
"6346:TCP"= 6346:TCP:shareaza
"6346:UDP"= 6346:UDP:shareaza
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
S2 cdenable;cdenable;C:\WINDOWS\system32\Drivers\cdenable.sys []
S2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-03-19 10:53]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 14:00]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-14 14:30:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-18 15:16:40 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 16:53:52
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-20 16:56:19
ComboFix-quarantined-files.txt 2008-04-20 14:55:45
ComboFix2.txt 2008-04-20 14:11:46